diff --git a/src/action/macos/create_determinate_nix_volume.rs b/src/action/macos/create_determinate_nix_volume.rs index e43b308fd..c3237f0b0 100644 --- a/src/action/macos/create_determinate_nix_volume.rs +++ b/src/action/macos/create_determinate_nix_volume.rs @@ -301,37 +301,55 @@ impl Action for CreateDeterminateNixVolume { let mut errors = vec![]; if let Err(err) = self.enable_ownership.try_revert().await { - errors.push(err) - }; + errors.push(err); + } + if let Err(err) = self.kickstart_launchctl_service.try_revert().await { - errors.push(err) + errors.push(err); } + if let Err(err) = self.bootstrap_volume.try_revert().await { - errors.push(err) + errors.push(err); } + if let Err(err) = self.setup_volume_daemon.try_revert().await { - errors.push(err) - } - if let Err(err) = self.encrypt_volume.try_revert().await { - errors.push(err) + errors.push(err); } + if let Err(err) = self.create_fstab_entry.try_revert().await { - errors.push(err) + errors.push(err); } if let Err(err) = self.unmount_volume.try_revert().await { - errors.push(err) + errors.push(err); } + + let mut revert_create_volume_failed = false; if let Err(err) = self.create_volume.try_revert().await { - errors.push(err) + revert_create_volume_failed = true; + errors.push(err); + } + + // Intentionally happens after the create_volume step so we can avoid deleting the + // encryption password if volume deletion failed + if revert_create_volume_failed { + tracing::debug!( + "Not reverting encrypt_volume step (which would delete the disk encryption \ + password) because deleting the volume failed" + ); + } else { + if let Err(err) = self.encrypt_volume.try_revert().await { + errors.push(err); + } } // Purposefully not reversed if let Err(err) = self.create_or_append_synthetic_conf.try_revert().await { - errors.push(err) + errors.push(err); } + if let Err(err) = self.create_synthetic_objects.try_revert().await { - errors.push(err) + errors.push(err); } if let Err(err) = self.create_directory.try_revert().await { diff --git a/src/action/macos/create_nix_volume.rs b/src/action/macos/create_nix_volume.rs index 8480d83a4..80d855e1f 100644 --- a/src/action/macos/create_nix_volume.rs +++ b/src/action/macos/create_nix_volume.rs @@ -273,40 +273,57 @@ impl Action for CreateNixVolume { let mut errors = vec![]; if let Err(err) = self.enable_ownership.try_revert().await { - errors.push(err) - }; + errors.push(err); + } + if let Err(err) = self.kickstart_launchctl_service.try_revert().await { - errors.push(err) + errors.push(err); } + if let Err(err) = self.bootstrap_volume.try_revert().await { - errors.push(err) + errors.push(err); } + if let Err(err) = self.setup_volume_daemon.try_revert().await { - errors.push(err) + errors.push(err); } - if let Some(encrypt_volume) = &mut self.encrypt_volume { - if let Err(err) = encrypt_volume.try_revert().await { - errors.push(err) - } - } if let Err(err) = self.create_fstab_entry.try_revert().await { - errors.push(err) + errors.push(err); } if let Err(err) = self.unmount_volume.try_revert().await { - errors.push(err) + errors.push(err); } + + let mut revert_create_volume_failed = false; if let Err(err) = self.create_volume.try_revert().await { - errors.push(err) + revert_create_volume_failed = true; + errors.push(err); + } + + // Intentionally happens after the create_volume step so we can avoid deleting the + // encryption password if volume deletion failed + if let Some(encrypt_volume) = &mut self.encrypt_volume { + if revert_create_volume_failed { + tracing::debug!( + "Not reverting encrypt_volume step (which would delete the disk encryption \ + password) because deleting the volume failed" + ); + } else { + if let Err(err) = encrypt_volume.try_revert().await { + errors.push(err); + } + } } // Purposefully not reversed if let Err(err) = self.create_or_append_synthetic_conf.try_revert().await { - errors.push(err) + errors.push(err); } + if let Err(err) = self.create_synthetic_objects.try_revert().await { - errors.push(err) + errors.push(err); } if errors.is_empty() {